[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cpx] Security Breach!

Subject: [cpx] Security Breach!
From: Jonathan Duncan <jonathan@xxxxxxxxxx>
Date: Fri, 14 Apr 2006 15:31:54 -0600 (MDT)

Ok, I am worried. I did not even stop to check if this was in thearchives or not.

I was just logged into CPX as the "server admin user". Just for kicks Idecided to try to access a file that should not have been accessible atall. Before I accessed the file, it looked like this:


-rw-------   1 root         wheel           1584 Jan 25 09:11 secrets.txt

To my shock and horror I was able to view the file in CPX(fortunately I was using HTTPS). After I accessed the file it looked likethis:


-rw-rw----   1 root         www             1584 Jan 25 09:11 secrets.txt

Ummmm.... does anyone else see the major security issue(s) here?!

Is this a known bug? Is this a feature? If so, it is a terriblefeature, IMESHO.


Thanks,
Jonathan
======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- Re: [cpx] Security Breach!
  - From: Rus Berrett

Prev by Date: Re: [cpx] More CPX problems - WARNING
Next by Date: [cpx] All users reverted to the hostname
Previous by thread: Re: [cpx] CPX problems - Mail options not visible.
Next by thread: Re: [cpx] Security Breach!
Index(es):
- Date
- Thread

Home | Main Index | Thread Index